Tag Archive for: Gang

County Identifies Gang That Has Taken Down CAD System


The 9-1-1 center.
Credit: Tom Sofield/LevittownNow.com

Bucks County officials have identified the ransomware gang behind the attack that has crippled the countywide computer-aided dispatch (CAD) system.

In a statement, county officials said they have informed “local, state and federal partners that the ransomware ‘Akira’ is involved so that they can have situational awareness and review their own systems.”

Akira, according to various news reports from around the globe, is a cyberattack gang that has hit governments and businesses. The gang can charge millions to release captured data.

The county said in a weekend statement that it “continues to investigate the cybersecurity incident.”

Sources have said federal law enforcement has been investigating the attack. The FBI and Bucks County District Attorney’s Office declined to comment.

“The county continues to work closely with third-party experts to conduct a thorough investigation,” Bucks County officials said in a statement.

Officials have not commented on how much the ransom request was, whether the county is talking with the attackers, if the county has considered paying the ransom, or what will happen to the captured information, which includes sensitive data handled by emergency crews.

While the 9-1-1 system remains operational, the CAD system used by local law enforcement, firefighters, and ambulance squads continued to be out of service as of Saturday afternoon.

The cyberattack kicked off with the outage that started last Sunday.

The outage has led to responders across Bucks County going back to pen and paper and other inconveniences. Call-takers and dispatchers have been using pen and paper and spreadsheets to handle calls.

There have been some frustrations and slowdowns in responses with the CAD system being down, police and fire officials have said.

The Pennsylvania National Guard has been among the state and federal agencies assisting the county.





Source…

Ransomware gang demands €10 million after attacking Spanish council


The mayor of Calvià, a municipality on the Spanish island of Majorca, has said the city council will not be paying an approximately €10 million extortion fee demanded by criminals following a ransomware attack.

Calvià, a region on the southwestern part of the resort island, has around 50,000 residents who have been informed that the council is working to “recover normality as soon as possible.”

In a statement on the council’s website, it confirmed that a crisis cabinet had been formed to evaluate the scope of the cyberattack, which was discovered on Saturday morning.

“The IT Service, accompanied by a team of specialists, is working on the mandatory forensic analyses, as well as on the recovery processes of our affected services,” the statement said.

Mayor Juan Antonio Amengual has said he will not consider paying the extortion fee, as reported by the Majorca Daily Bulletin. He also released a video statement on social media.

Spain was among the Counter Ransomware Initiative signatories that last year pledged “relevant institutions under the authority of our national government should not pay ransomware extortion demands.”

As a result of the attack on Calvià, the council has had to temporarily suspend all administrative deadlines — for instance the submission of civil claims and requests — until the end of January.

The city council said it had contacted the cybercrime department of the Civil Guard and shared its preliminary forensic analysis.

“The city council deeply regrets the inconvenience that this situation may cause and reiterates its firm commitment to resolve the current situation in the most orderly, rapid and effective manner possible,” the website said.


Alexander Martin

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Source…

Fidelity National Financial discloses cyberattack previously linked to ransomware gang


Insurance and settlement service giant Fidelity National Financial Inc. has officially disclosed that it suffered a “cybersecurity incident” for which the infamous ransomware gang ALPHV/BlackCat claimed responsibility in November.

The disclosure came via a Jan. 9 filing with the U.S. Securities and Exchange Commission, which states that Fidelity National became aware of a cybersecurity incident on Nov. 19 that impacted certain systems. The company then ticked off the standard response list: hiring third-party experts, notifying law enforcement and regulatory authorities and taking measures to block access to affected systems.

The incident is described as causing “varying levels of disruption” before being contained on Nov. 26 and systems restored. An investigation completed on Dec. 19 subsequently found that an unauthorized third party had accessed certain systems, deployed malware and exfiltrated certain data.

Fidelity National added that it has no evidence that any customer-owned system was directly impacted in the incident and no customer has reported that this has occurred. The last confirmed date of unauthorized third-party activity in the company’s network occurred Nov. 20.

Affected customers have been notified and offered credit monitoring, web monitoring and identity theft restoration services. Fidelity is also continuing to coordinate with law enforcement, its customers, regulators, advisers and other stakeholders.

What’s missing from the disclosure is any mention of ransomware. Companies describing attacks as cybersecurity incidents isn’t new, but usually the notices don’t follow widespread media coverage of them being targeted by a ransomware gang. That ALPHV/BlackCat is behind the attack is also highly believable, as the ransomware gang was one of the most prolific through 2023.

Cybersecurity experts agree, with Craig Jones, vice president of security operations at SecOps security company Ontinue Inc., telling SiliconANGLE that per the SEC filing, the attack involved data exfiltration,

“Fidelity National Financial appears to have experienced a ransomware attack attributed to the ALPHV/BlackCat ransomware group,” Jones said….

Source…

Ransomware gang targets nonprofit providing clean water to world’s poorest


Water for People, a nonprofit that aims to improve access to clean water for people whose health is threatened by a lack of it for drinking and sanitation, is the latest organization to have been hit by ransomware criminals.

The ransomware-as-a-service gang Medusa listed Water for People on its darknet site Thursday night, threatening to publish stolen information unless the nonprofit pays a $300,000 extortion fee.

A Water for People spokesperson told Recorded Future News: “The accessed data predates 2021, did not compromise our financial systems and no business operations were impacted. We’re working with top incident response firms, as well as our insurance company and hardening our systems with our security team to prevent future incidents.”

The attack follows the nonprofit receiving a $15 million grant from MacKenzie Scott, the billionaire ex-wife of Amazon founder Jeff Bezos. There is no evidence that Water for People was specifically targeted because of this donation.

The organization operates in nine different countries, from Guatemala and Honduras in Latin America, to Mozambique in Africa and to India, and aims to improve water access for more than 200 million people over the next eight years.

“While the recent cyber attack from Medusa Locker Ransomware has not impacted our important work fighting the global water crisis and equipping communities with lasting access to clean water and sanitation services, it does reflect that even non-profits like ours are in the cross-hairs of these threat actors. We attempted good-faith negotiations that led nowhere,” the spokesperson added.

It is not the first time the Medusa gang’s activities have impacted an organization associated with water provision, although the gang and its affiliates appear to work opportunistically, according to new analysis by Palo Alto Networks’ Unit 42.

Last year, an Italian company that provides drinking water to nearly half a million people was hit by the gang.

Back in 2021, U.S. law enforcement agencies said ransomware gangs in general had hit five water and wastewater treatment facilities in the country — not including three other widely reported cyberattacks on water utilities.

Despite…

Source…